CN

MirrorFaceMirrorFace

Also known as: Earth Kasha · MirrorFace

Origin
CN
Known aliases
2

Profile

MirrorFace is a Chinese-speaking advanced persistent threat group that has been targeting high-value organizations in Japan, including media, government, diplomatic, and political entities. They have been conducting spear-phishing campaigns, utilizing malware such as LODEINFO and MirrorStealer to steal credentials and exfiltrate sensitive data. While there is speculation about their connection to APT10, ESET currently track them as a separate entity.

Aliases· 2

Earth KashaMirrorFace

References

  1. https://www.welivesecurity.com/2022/12/14/unmasking-mirrorface-operation-liberalface-targeting-japanese-political-entities/
  2. https://web-assets.esetstatic.com/wls/2023/01/eset_apt_activity_report_t32022.pdf
  3. https://blog.sekoia.io/my-teas-not-cold-an-overview-of-china-cyber-threat/
  4. https://www.trendmicro.com/en_us/research/24/k/return-of-anel-in-the-recent-earth-kasha-spearphishing-campaign.html
  5. https://www.trendmicro.com/en_us/research/24/k/lodeinfo-campaign-of-earth-kasha.html

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor
Earth Yako
Actor
Hellsing
Actor
Earth Kitsune
Actor
LongNosedGoblin
Actor
APT37
Actor
Scarlet Mimic
Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.